CertiPath, a credentialing authority for aviation, aerospace and defense organizations, has introduced architecture systems for federated physical access control that leverage high-assurance credentials. The concept demonstrates the viability of a single-credential system that can provide secure access for both physical and logical assets, and provide interoperability for employees, customers and partners.
Funded in part by the General Services Administration, CertiPath was tapped to design and oversee the implementation of a system that could overcome the fragmented, expensive and vulnerable approaches to managing physical and logical identity authentication and access control.
CertiPath’s architecture eliminates the need to physically issue visitor passes and provides certainty that each visitor is employed by, and in good standing with, their employer. The system extends PKI-based security systems for managing and assuring logical access control to the challenges of managing and assuring physical access control.
CertiPath’s architecture conforms to the principles of NIST SP 800-116 and also:
- Leverages PIV, PIV-I, and Department of Defense Common Access Card credentials issued by any valid issuer, as well as Transportation Workers Identity Credentials
- Utilizes FIPS 201-certified (or in process) components
- Enables customers to upgrade their physical access control systems without replacing existing systems
- Leverages commercially available products to minimize custom solutions
- Uses the U.S. Federal Bridge to validate interagency trust
- Delivers cost-effective options to operate at one or multiple assurance levels
The system was installed and is in production at Exostar, the provider of collaboration solutions for the world’s largest aerospace and defense manufacturers and their 40,000 supply chain partners.
In the past, a visitor pass had to be issued for every single non-employee to enter the premises, and the visitor required an escort. Now visitors can use a single enterprise-issued smart card credential with an embedded chip containing digital certificates to enter the building.